OpenPKG Security Advisory
OpenPKG-SA-2006.034
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2006.034
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.034
Advisory Published: 2008-08-07 21:55 UTC
Issue Id (internal): OpenPKG-SI-20061115.01
Issue First Created: 2006-11-15
Issue Last Modified: 2006-12-07
Issue Revision: 07
Subject Name: Texinfo
Subject Summary: GNU Documentation System
Subject Home: http://www.gnu.org/software/texinfo/
Subject Versions: * <= 4.8a
Vulnerability Id: CVE-2006-4810
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: local system
Attack Impact: arbitrary code execution
Description:
Miloslav Trmac from Red Hat discovered [0] a buffer overflow in GNU
Texinfo [1]. The flaw was found in a function used by Texinfo's
texi2dvi(1) and texindex(1) commands. An attacker could construct
a carefully crafted Texinfo file that could cause texi2dvi(1) or
texindex(1) to crash or possibly execute arbitrary code when opened.
References:
[0] https://rhn.redhat.com/errata/RHSA-2006-0727.html
[1] http://www.gnu.org/software/texinfo/
Primary Package Name: texinfo
Primary Package Home: http://openpkg.org/go/package/texinfo
Affected Distribution:   Affected Branch:   Affected Package:
OpenPKG Enterprise       E1.0-SOLID         texinfo-4.8a-E1.0.0
OpenPKG Community        2-STABLE-20061018  texinfo-4.8a-2.20061018
OpenPKG Community        CURRENT            texinfo-4.8a-20061013
Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Enterprise       E1.0-SOLID         texinfo-4.8a-E1.0.1
OpenPKG Community        2-STABLE-20061018  texinfo-4.8a-2.20061114
OpenPKG Community        CURRENT            texinfo-4.8a-20061114